
27 matches found

Cvelist
added 2022/07/06 9:15 a.m. | 12 views

CVE-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in the Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory...

CVSS 6.1 | AI score 6.1 | EPSS 0.00226
Exploits 0 | References 2
Github Security Blog
added 2022/05/17 3:53 a.m. | 9 views

Jenkins allows for Privilege Escalation by Remote Authenticated Users

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users...

CVSS 7.5 | AI score 6.9 | EPSS 0.00239
Exploits 0 | References 7 | Affected Software 1
ATTACKERKB
added 2017/12/21 4:29 a.m. | 2 views

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

CVSS 4.9 | AI score 8.4 | EPSS 0.00303
Exploits 0 | References 4
OSV
added 2017/12/21 4:29 a.m. | 18 views

CVE-2017-17822

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

CVSS 4.9 | AI score 6.2
Exploits 0 | References 3
Prion
added 2017/12/21 4:29 a.m. | 18 views

SQL injection

The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

CVSS 4 | AI score 5.8 | EPSS 0.00303
Exploits 0 | References 3 | Affected Software 1
CVE
added 2017/12/21 4:0 a.m. | 49 views

CVE-2017-17822

CVE-2017-17822 affects Piwigo 2.9.2, specifically the List Users API. The vulnerability is a SQL injection in the List Users API component, exploitable via the /admin/user_list_backend.php sSortDir_0 parameter, allowing an attacker to access data in a connected MySQL database. Multiple connected ...

CVSS 4.9 | AI score 6.1 | EPSS 0.00303
Exploits 0 | References 3 | Affected Software 1
OSV
added 2017/04/12 10:59 p.m. | 3 views

CVE-2017-7284

An attacker who has hijacked a Unitrends Enterprise Backup before 9.1.2 web server session can leverage api/includes/users.php to change the password of the logged-in account without knowing the current password. This allows for an account takeover...

CVSS 8.8 | AI score 5.8 | EPSS 0.0378
Exploits 1 | References 1